Vulnerability Description
The pdfkit Ruby gem, in all versions from 0.0.0, is vulnerable to command injection: a URL supplied as the document source is not properly sanitized before it is interpolated into the shell command that invokes wkhtmltopdf, so shell metacharacters in the URL are executed.
CVSS Score
7.3
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pdfkit Project | Pdfkit | >= 0.0.0 |
| Fedoraproject | Fedora | 35 |
References
- http://packetstormsecurity.com/files/171746/pdfkit-0.8.7.2-Command-Injection.htm
- https://github.com/pdfkit/pdfkit/blob/46cdf53ec540da1a1a2e4da979e3e5fe2f92a257/l (Third Party Advisory)
- https://github.com/pdfkit/pdfkit/blob/master/lib/pdfkit/source.rb#L44-L50 (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorapro (Fedora package announcements)
- https://security.snyk.io/vuln/SNYK-RUBY-PDFKIT-2869795 (Exploit, Third Party Advisory)
FAQ
What is CVE-2022-25765?
CVE-2022-25765 is a vulnerability with a CVSS score of 7.3 (HIGH). The pdfkit Ruby gem, in all versions from 0.0.0, is vulnerable to command injection because a URL supplied as the document source is not properly sanitized before being passed to the shell.
How severe is CVE-2022-25765?
CVE-2022-25765 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-25765?
Check the references section above for vendor advisories and patch information. Affected products: pdfkit (Pdfkit Project, all versions from 0.0.0) and Fedora 35 (Fedoraproject).